Microsoft Offers Security Advice for Windows Azure Developers

By Darryl K. Taft  |  Posted 2010-06-14

Microsoft has released a technical paper aimed at helping developers build more secure applications for the Microsoft Windows Azure cloud platform.

In the new paper, titled "Security Best Practices for Developing Windows Azure Applications," Microsoft explains how to use the security defenses in Windows Azure as well as how to build more secure Windows Azure applications.

Microsoft's Windows Azure security paper is available as of June 14 and is targeted at application designers, architects, developers and testers. The paper is based on the proven practices of Microsoft's Security Development Lifecycle (SDL). Moreover, with the release of this paper, Microsoft is working to share what it has learned and build on its commitment to create a more trusted computing experience for everyone.

In a blog post on the issue, Michael Howard, principal security program manager for Security Engineering at Microsoft, said: "Over the last few months, a small cross-group team within Microsoft, including the SDL team, has written a paper that explains how to use the security defenses in Windows Azure as well as how to apply practices from the SDL to build more secure Windows Azure solutions."

It is no surprise that issues related to the security of the cloud are becoming increasingly important for businesses and consumers. As a result, it is important that people delivering products to the cloud understand that they must build applications with security in mind from the start, Howard said.

Specifically, the paper details proven practices for secure design, development and deployment, including service-layer/application security considerations; protections provided by the Azure platform and underlying network infrastructure; and sample design patterns for hardened/reduced-privilege services.

A summary of the Microsoft paper reads:

"This paper focuses on the security challenges and recommended approaches to design and develop more secure applications for Microsoft's Windows Azure platform.  Microsoft Security Engineering Center (MSEC) and Microsoft's Online Services Security & Compliance (OSSC) team have partnered with the Windows Azure team to build on the same security principles and processes that Microsoft has developed through years of experience managing security risks in traditional development and operating environments."

A video about the paper is available here, and the paper is available for download here.

Rocket Fuel